Cybersecurity: don’t learn the hard way

Often we are told, to understand something we need to experience it for ourselves. This applies to most things in life, including business but I would argue it certainly does not apply to cybercrime and fraud. In these scenarios it is much better to learn from the experiences of others.

" In recent times we have seen an explosion of cyber enabled fraud attacks against customers and other businesses."
Tamsyn Harris, Head of Fraud Risk Strategy, ANZ

Criminals have been focusing more and more on businesses as a source of their exploits, as banks have hardened their defences. But what is it banks can teach their customers so they too don’t become a target?

The shift towards attacking businesses has led to a number of new attack scenarios.  

Since January 2015, there has been a 1,300 percent increase in identified exposed losses from cybercrime attacks, totaling over 3.1B and impacting more than 22,000 victims.

"The victims of the BEC scam range from small businesses to large corporations. The victims continue to deal in a wide variety of goods and services, indicating a specific sector does not seem to be targeted," the FBI says.

Click image to zoom Tap image to zoom


It is not just the financial losses (although significant) businesses have to deal with. When fraud occurs there are often a lot of questions about how it happened, who did it, why us? In my experience, there are always more questions than answers.

Often even when there are answers they don’t give the comfort or satisfaction desired and what results is the erosion of trust; trust between customer and banker, trust within a company and between their board and the list goes on.

Often it isn't possible to identify who perpetrated the attack and why. Instead the focus needs to be on preventing these attacks in the first place. That is where education and knowledge sharing come in.


It is well known banks have been the favoured targets for fraudsters for many years. Over these years we have developed an understanding of fraud and various attack scenarios but more importantly, we have learned how best to prevent and respond to these attacks.

It is important for businesses to understand what they have of value to cybercriminals. Money is the obvious one, where the first type of attack experienced by businesses is often a fraudulent payment.

But businesses are also a rich source of information - both business intelligence information and personal information. 

Directors and other high profile individuals can find themselves targets - there are plenty of examples of cybercriminals gathering data from social media and using social engineering techniques targeted towards individuals to attack organisations.

Once a business understands what may be of value, they should focus on how to protect it. Cybersecurity controls are often the first thoughts, but even more simple actions such as raising awareness of threats and planning how you would respond in the event of an attack can make a big difference. 

It is also important these conversations are held across all levels of the organisation, from the Board down. It is everyone's responsibility to protect themselves and their businesses against cybercrime.  

To foster these conversations, companies - including banks - are providing educational materials on cybersecurity and cybercrime.

To help fight financial crimes, banks are working to build stronger relationships and collaborate across industry and with governments to share learnings on specific threats and preventative measures.

Over time this improves everyone’s resistance to attack. As we learn from each other’s experiences this increases the sophistication of our defences across not just technology, but our processes and people. 

In October, ANZ will be partnering with Stay Smart Online SSO to share important information about cybercrime with customers.

This year the theme for SSO week is 'Cybersafety from the lounge room to the board room’, encouraging businesses to get involved and start up a conversation about how they can improve cyber defences.

During SSO, ANZ is hosting awareness activities to actively encourage secure behaviours.

Tamsyn Harris is Head of Fraud Risk Strategy at ANZ

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.

editor's picks

26 Sep 2016

Distributed ledger technology and opportunities in correspondent banking

Chris T’en, Jackie Kallman & Larry Feinberg | Senior Manager Payments Portfolio & Manager Innovation Services, ANZ & Wells Fargo

Every day, payment disruptors and competitors across the globe are reminding banks the cross-border payment industry is ripe for rejuvenation, promising faster and lower cost alternatives to the current international payment process. Customers expect more and banks are investing to meet and exceed those expectations.

19 Sep 2016

It’s good business to put things right

Kylie Rixon | Chief Risk Officer Wealth and Digital, ANZ

Things go wrong in business. In this day and age when that happens the news can be instantly all over social media. The community is very sensitive to corporate culture and banks in particular.

25 Aug 2016

Eight ways to protect your business from the cybercrime wave

Craig Bromley | Head of Digital Design & Readiness, Wholesale Digital Transformation

Not a day passes now without us being reminded digital technology can be both friend and foe. Cloud computing, centralisation of IT resources and greater connectivity are just some of the developments increasing convenience for businesses. Sadly with these developments come risk, and cybercrime is the dark side of doing business in the digital age.